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(54) System and method of associating devices to secure commercial transactions performed 
over the internet 



(57) The Invention discloses how to associate com- 
munications devices so as to carry out secure transac- 
tions over an untrusted network i.e., ttie Internet. The 
communications devices are assumed to be independ- 
ently capable of communicating with an electronic com- 
meicial-lilte site managing adirectory of legitimate users 
which ail possess a token e.g., a chip-card. Then, when- 
ever one user desires to carry out a secure transaction 
it first prepares it from a communications devtee featur- 
ing convenient interfaces e.g., a personal computer with 
large display and keyboard. When done, signature of 
the secure transaction must be obtained from another 



communications device through which the legitimate us- 
er is reachable and which Is enabled with the token it 
possesses. When called from the commerclal-IIke site 
the second communications device can thus, check, 
sign and transmit back to the commercial-like site the 
signed secure transaction where Its final processing can 
go on. Therefore, the Invention combines built-in fea- 
tures of standard communteations devices to conven- 
iently carry through elaborated secure transactions that 
would othenvlse require added features such as large 
displays and keyboards to wireless mobile devtees or 
chip-card reader to personal computers. 
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Description 

Field of the Invention 

tOOOl ] The present invention reiates generaliy to the 
internet and more particularly applies to eiectronic com- 
merce and to coirvneidal-like transactions that tai<e 
place over the internet requiring that originator of such 
a transaction should neither be able to masquerade as 
someone else (originator must be authenticated) nor 
can later deny to have actually effected the transaction 
(non-repudiation). 

Background of the Invention 

[0002] Commerce overthe Internet is dramatically ex- 
panding. It Involves aii sorts of transactions implying the 
movement of electronic money. Ail of this is taking place 
over what is, basically, a very unsecured network. 
Therefore, based on cryptography, numerous tech- 
niques and methods have been devised not only ensur- 
ing confidentiality of the transactions but also, this is of- 
ten even more Important, authentication, integrity and 
non-repudiation. Authentteation is required to ascertain 
the origin of a transaction so as no one should be able 
to masquerade as someone else. Integrity is key to 
make sure that a transaction has not been modified, un- 
intentionally or maliciously, on Its way through the net- 
work to destination e.g., a server aimed at processing 
the customer orders. Finally, non repudiation is essen- 
tial to make sure that a completed transaction, that may 
involve a lot of money, may not just be denied later on 
by any of the participants. 

[0003] Accesslngthe internet is mainly achieved now- 
adays f iiom a PC (Personal Computer), a WS (Work Sta- 
tion) or any computer-like device capable of running a 
piece of software, referred to as a browser, in order to 
be able to get on the World-Wide Web (or Just the Web) 
the ubiquitous application that has accompanied the ex- 
plosive growth of the Internet in past years. Thus, an 
I ntemet commerce site Is a particular Web site aimed at 
handling commercial transactions. A well-known site is 
e.g., located at httpV/www.amazon.com/. It is a huge vir- 
tual bookstore selling also music and videos. Th^ claim 
that millions of people, from many countries, have in- 
deed made online shopping on theirsite. Although such 
sites also claim they are completely safe (since one has 
to disclose them a credit card number to buy something) 
they actually fail meeting satisfactorily all of the criteri- 
ons here above mentioned that is, authentication, integ- 
rity and non-repudiation. To reach completely these ob- 
jectives connecting PC's would need to be equipped 
with smart card readers and users would have to carry 
a token I.e., intelligent chip-cards or smart-cards so that 
authentication based on the knowledge (PIN or pass- 
word) and possession (card) principle can be canried 
out. Smart-cards are also suitable forstoring certificates 
and encryption keys securely. Smart cards with an inte- 



grated crypto-processor can implement cryptographic 
functions directly on the card so that the keys never 
leave the smart card. For example, a digital signature, 
which generally consists in encrypting, with user private 

s key, a digest obtained through the application of a hash 
function over transaction content then, appended to it 
80 that recipient may later check the transaction with us- 
er public key and make sure that it has not been altered 
on its way and has well been originated by whom pos- 

10 sesses the corresponding private key This eliminates 
any possibility of the key falling into the wrong hands. 
However, all of this is only possible is PC is indeed 
equipped with Ihe proper hardware i.e., a card reader 
and the corresponding software or device driver to per- 
fonn the adaptation with the OS (Operating System) 
mnning on the PC. This is a new technology and a new 
type of I/O port to be added to PC's. This has a cost 
which does not fit well with the general trend that wants 
to reduce as much as possible the operational expenses 

20 of a private or enterprise network hence, requiring to 
lower the cost of leiminal equipment's and TCO (Total 
Cost of Ownership). TTius, in practice, when manufac- 
tured, PC's are still seldom equipped with such card 
readers. Although a separate chip card reader can al- 

ss ways be later added to a particular PC this requires that 
the corresponding software, the device driver, be also 
Installed thus further personalizing it. 
[0004] On the other hand another even more explo- 
sive market is the one of mobile wireless communica- 

30 tions first mainly driven by mobile digital cellular phones 
however, rapidly evolving to cover other appitoations in 
relation with the Internet such as e-mail in a first place, 
it Is anticipated that electronic commerce applications 
such as personal banking, stock trading, gambling, tlck- 

35 et reservations and shopping will soon become com- 
monly available on mobile phones. Hence, the security 
of data communtoations over wireless networks has be- 
come a major concern to mobile commerce businesses 
and users which has triggered the development of prod- 

40 ucts to build secure systems that solve the core require- 
ments of electronic commerce security already here 
above mentioned namely: confidentiality, authentica- 
tion, integrity and non-repudiation. Also, standards are 
being put in place to control the development of such 

45 products and make sure that they may inter operate. 
The Wireless Application Protocol (WAP) Forum (http:// 
www.wapforum.org) has thus become the de facto 
worldwide standard for providing internet communica- 
tions and advanced telephony servtees on digital mobile 

so phones, pagers, personal digital assistants and other 
wireless terminals. Therefore, ail these devices, contra- 
ry to PC's, are promised to be upfront equipped with all 
necessary features and functions so as to guarantee se- 
curity of electronic commerce transactions. Neverthe- 

55 less, they all also have inherent limited display capability 
and rudimentary user Interface along with limited 
processing power, battery life and storage capabilities. 
^005] Therefore it is a broad object of the invention 
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to combine the advantages ot PC's which have great 
display and user interface capabilities with the built-in 
security features of modern wireless mobile devices so 
as to enable convenient and secure electronic com- 
merce transactions. 

[0006] Further objects, features and advantages of 
the present invention will become apparent to the ones 
sl(illed In the art upon examination of the following de- 
scription In reference to the accompanying drawings. It 
is Intended that any additional advantages be incorpo- 
rated herein. 

Summary of the Imrentlon 

[0007] A method and a system of associatin g commu- 
nications devices to carry out a secure transaction over 
an untrusted networkfrom an electronic commerclal-lllce 
site are disclosed. The communications devices are In- 
dependently capable of communicating with the elec- 
tronic commerclal-lil<e site which manages a directory 
of legitimate users each having an identification record. 
The users are also assumed to possess a tolcen e.g., a 
chip-card. Then, whenever one legitimate user desires 
to carry out a secure transaction this latter Is first pre- 
pared with the help of a first communications device, 
featuring convenient human being interfaces e.g., a per- 
sonal computer. When done, an approval of the secure 
transaction content Is forwarded to the commsrcial-lilte 
site, from the first communications device. When the ap- 
proval Is received In the commercial-like site the identi- 
fication of a second communications device, through 
which the legitimate user Is reachable, is retrieved from 
its Identification record. This triggers the Issuing of a re- 
quest, from the commerdal-iike server towards the sec- 
ond communications device, to have the secure trans- 
action signed. Hence, signature of the secure transac- 
tion Is carried out with the second communications de- 
vice, enabled by the tol(en of the legitimate user thus, 
obtaining a signed secure transaction which is transmit- 
ted back to the commercial-like site which performs a 
final checking in order to complete the secure transac- 
tion. 

[0008] Therefore, the method and system of the in- 
vention combine built-in features of standard communi- 
cations devices to conveniently carry out secure com- 
merciai-iike transactions over an Intrusted network i.e., 
the internet. Especially, the Invention neither requires 
that standard personal computers or work station be 
equipped with a chip-card reader nor that wireless mo- 
bile devices need to have large displays and keyboards 
to be able to carry through elaborated transactions. 

Brief Description of the Drawings 

[0009] 

Figure 1 depicts the state of the art where the Inter- 
net can be accessed independently either 



from a personal computer or a wireless mo- 
bile devtee. 

Figure 2 Is an example of a commercial transaction, 
5 perthe invention, In which a personal com- 

puter and a wireless mobile device cooper- 
ate to carry It out. 

Figure 3 shows an example of the correlation table, 
10 according to the Invention, cross referenc- 

ing the transactton identifiers that permits 
to perform a secure transaction. 

Figure 4 illustrates the overall architecture of the 
IS system through an example involving a 

personal computer and a cellular mobile 
phone. 

Detailed Description of the Preferred Embodiment 

20 

[0010] Figure 1 illustrates current ait where a user 
[100] may have access to a commercial Internet Web 
site e.g., the AMAZON.COM virtual bookstore [105] (at 
http://www.amazon.com) to perfomi a transaction such 

25 as buying a book. This can bedone e.g. , from a personal 
computer (PC) [1 1 0] having a connection to the Internet 
[115] through a modem or a U^N (local area network) 
and running a browser capable of conveniently display- 
ing pages from the here above Web site so as user [1 00] 

30 can gatheraii necessary Infomiation on what it is buying. 
Current PC's are always equipped with large display 
monitors [1 20] having at least a 1 5-inch wide scnsen (di- 
agonal) capable of displaying 800x600 pixels or more, 
PC's are also always equipped with a 100-key+ key- 

35 board [125] and a pointing device, usually a mouse 
[130]. The same user [100] is also commonly carrying 
a mobile telephone [140] or any equivalent wireless 
portable device whtoh are now able to connect to the 
Internet too (1 45]. Moreover, they are personalized with 

40 a token e.g., a smart-card or chip-card [155] so as user 
[100] may be uniquely Identified. However, contrary to 
PC's, those wireless portable devices have very poor 
display capabilities [1 60], limited to a few lines of a few 
characters, and have rudimentary numeric keyboards 

4S [150], 

[001 1] Figure 2 depicts a typical transaction accord- 
ing to the invention, involving a client PC machine [200] 
(or a work station or any computer-like device) end a 
wireless portable mobile device [210] e.g., a mobile 

50 phone. Transaction Is initiated from the client PC at step 
[201 ] when a user, having access to this PC, must reach 
a remote sen/er, typically through the 1 nternet or through 
any public and/or private network or combination of, on 
which a business application [230] is running setting up 

5S the commercial-like site user desires to deal with. In the 
example chosen in figure 1 this is the amazon.com vir- 
tual bookstore. Then, the first action from the application 
Is to request [231] client authentication. User responds 



3 



5 



EP1161055 A2 



6 



to the request complying with whatever method is In ef- 
fect in the server i.e., provides credentials to be recog- 
nized as a legltmate user. The standard practice Is to 
send [202] a user ID with a password. More sophisticat- 
ed nfiethods might also require the sending, t>y the client 
and/or the server, of certificates issued by a third party 
i.e., a CA (Certificate Authority), trusted by user and/or 
server Irrespective of the method enforced In the server, 
when satisfied, this latter eventually authenticates the 
user [232] unless (this is not shown) user fells answering 
satisfactorily in which case the transaction is obviously 
aborted by the server. All of this can actually be Imple- 
mented from various well known methods known by 
those sidlled In the art. Many variants exist. As an ex- 
ample, certificates could be X.S09 certificates as de- 
scribed in RFC2469 of the IETF (Request For Com- 
ments of the Internet Engineering Task Force) used by 
the Web browsers supporting SSL (Secure Socket L.ay- 
er) protocol which is being standardized underthe name 
of TLS (Transport Layer Security) protocol in RFC2246. 
As far as Web server is concerned the only other as- 
sumption is that It Is capable of generating static and 
dynamic HTML (Hyper Text Markup Language) pages, 
the language of the Web, that are thus view able from 
the Web browser client machine [200]. 
[0012] When the user has been recognized as a le- 
gitimate user by the server it is then permitted to browse 
the server HTML pages of the application so as together 
all the necessary information regarding the transaction 
user wants to perfonn. This assumes that muiUple ex- 
changes may have to take place between the client ma- 
chine [203] and the server [233] and generally require 
that users till virtual forms [204] I.e., dynamic HTML pag- 
es fomnatted by the seiver [234], that this latter will use 
to Interpret the content of the transaction go as to deter- 
mine what user Intends to do. In the previous simple ex- 
ample of the amazon.com server, a virtual shopping cart 
is filled e.g. , with book(s) that the user desire to acquire. 
While filling its cart a user has thus, optionally, the pos- 
sibility of consulting ail the infbnnatlon provided by the 
server about the books, their authors, the press critics 
along with their prices, availability, delivery options and 
generally all sorts of data that a customer is willing to 
know before proceeding to a virtual cash register. 
[0013] Thus, when the user is finally satisfied with the 
content of the transaction thus, having completed the 
overall preparation phase [240] It eventually approves it 
[205] from the client PC. Still ref en-lng to the here above 
example of the amazon.com bookstore this occurs 
when it has finished filling its virtual shopping cart. In 
another example this is because user has finalized Its 
today list of shares he wants to sell or buy through the 
server of Its preferred broker. Obviously, although not 
explicitly shown, user has always the freedom of abort- 
ing the transaction any time before completion. Or, the 
transaction may be aborted Just because something 
wrong happens between the client PC and the server 
such as an interruption of the communteatlon. However, 



nonnaily, the transaction is approved by the user from 
the client PC [205]. At this point, in most of today's com- 
mercial Web site, the essential of the transaction is over 
If one excepts the sending by the server of a closing 
s message confinning the tenns and content of the trans- 
action also thanking the user that is, the Web site cus- 
tomer. However, all of (his rests on the good faith of both 
parties. The owner of the commercial Web site might 
not sent the onlered Items. The user might use a fake 
10 or stolen credit card number or It may later deny to have 
really effected the transaction. To overcome this, meth- 
ods have been devised so as none of the parties in- 
volved can masquerade as someone else nor may later 
deny to have effected the transaction. However, this re- 
's quirossomefonn of strong authentication and electronic 
signature that the user side may only fulfilled if the client 
PC is Indeed equipped with the proper equipment that 
is, a smart-card reader and its related supporting soft- 
ware or 'driver", so as the user of the client PC may prove 
^ it Is the one It pretends to be through the possession of 
a token i.e., Its smart-cart, However, standard PCs and 
working stations are seldom equipped nowadays with 
such a piece of hardware and there Is no clear sign that 
this will become a standard feature (like a mouse) In a 
2« foreseeable future even though. It is obviously always 
possible to add, on a particular PC, a separate card 
reader and install the proper software to drive it. 
[0014] On the other hand, while Internet and the elec- 
tronic commerce was dramatteally growing, an even 
30 more explosive market is the one of the wireless mobile 
devices; first of all, cellular mobile phones, which have 
been universally accepted. Because the latest versions 
of these devices are now able to connect to the Internet 
too and also, because their use Is conditioned to the in- 
35 sertlon of a smart-card, so that the bearer is Identified, 
they become the device of choice to perform strong au- 
thentication and to approve and sign commercial trans- 
actions. Therefore, the method of the Invention as- 
sumes that the user of the client PC, that has initiated 
40 the transaction, Is also carrying such a wireless mobile 
portable device. Then, transaction goes on with step 
[235] when Web server needs to obtain the signature of 
it by the user. To do so, server manages at least one 
table, an example of whteh is further described in figure 
45 3, cross-referencing all legitimate user IDs that are per- 
mitted to access the Web site along with their mobile 
devtee ID and public key (held in the user own token e. 
g., a smart-card). Hence, table is looked-up to retrieve 
user phone number and smartcard public key. After 
so which, the transaction data are fomiatted and optionally 
signed [236] using the user smart-card public key also, 
optionally, further countersigned with the server private 
key (so as user is made certain of the origin of the trans- 
action if necessary) and the Web server dials automat- 
es teallytheusermobiie phone [221], using WTA standard 
previously discussed, providing for mechanisms that al- 
low origin senrers to deliver data to a mobile tenninal 
even though this tatter has not Issued any request. 
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Meanwhile, Web server holds PC Web request [222] un- 
til mobile device eventually responds, This part of the 
signature process, in which business application Is Is- 
suing the signature request [250], is shown to be Imple- 
mented here mainly under the form of a so-called 
Java™ Servlet [220]. While Java™ is, among other 
things, a popular, simple, object-oriented, distributed 
and Interpreted general-purpose programming lan- 
guage developed by Sun Microsystems (Sun Microsys- 
tems, Inc., 901 San Antonio Road, Palo Alto, CA 94303 
USA.) Java'^" Serviets are small, platform-Independent 
Java™ programs that can be used to extend the func- 
tionality of a Web server In a variety of ways thus, are 
convenient to implement the signing function of the In- 
vention. However, this Is only one example of carrying 
out the Invention. The ones skilled In the art will recog- 
nize that, without departing from the spirit of the inven- 
tion. It may be Implemented In many altemate equivalent 
ways. Especially, the signing process could be Imbed- 
ded Into the Web Server application so as the two proc- 
esses [220] and [230] are merged. When user accepts 
the Incoming call on his mobile device, Web generated 
transaction content, optionally signed with user public 
key and possibly countersigned with server private key, 
may be checked by the smartcard if it is necessary to 
ascertain Its origin [211]. Then, user is prompted to val- 
idate the transaction. At this point user may want to re- 
view the content of the transaction [212] received on Its 
mobile wireless devne (whteh Is sufficient In general to 
be sure vi^at transaction Is being signed). Transaction 
may be displayed on the mobile screen, preferably In an 
abridged form for the sake of convenience, due to the 
limited capacity of the display of such devices. Alterna- 
tively, this step may just be replaced by the display of a 
number, associated with the transaction, a common 
practice when dealing with a Web server or ordering 
goods or services over the phone. This transaction 
number may thus be used as a con"elator so as user Is 
made certain of what transaction Is being validated, Af- 
ter this, smart-card is requesting a PIN (personal iden- 
tifteation code) [213] so as transaction can now be 
signed with user private key [21 4]. Using a PIN to enable 
this operation is standard practice with current smart- 
cards. More sophistteated methods are soon to be wide- 
ly available. These methods have In common to use bl- 
ometrlc data e.g., the finger prints of the user are rec- 
ognized through an appropriate sensor placed on the 
smart-card. This will add definitively to the security 
hence, better contributing to reach the goals of the in- 
vention i.e., authentication, integrity and non-repudia- 
tion of commercial transactions from standard widely 
available devtees. At this point the overall process [260] 
to cany out signature of the secure transaction in user 
mobile device is over. Then, next step [215] consists In 
sending back to the server the signed transaction 
(signed with user private key). Business application run- 
ning on server thus, completes the signature cycle in a 
global checking step [270] including a completion step 



[223] for signing servlet [220], a checking step in server 
[237] utilizing user public key followed by the sending 
[238] of a last transaction status, under the fomi of a 
new Web page, to the client PC machine at the origin of 
s the transaction. 

[0015] Figure 3 illustrates a pretended embodiment of 
the cross-referencing table or directory mentioned in fig- 
ure 2 and required to carry out the Invention. Table [300] 
lists the users [310] that are recognized by the Web 
10 server as being legitimate users authorized to deal with 
the business application. For each registered user, a 
mobile device ID number to call i.e., a phone number 
^0], Is first listed. Secondly, the public key [330], cor- 
responding to the token (smart-card) of the user, is re- 
's corded too so that server holds. In an identifk:atk>n 
record [340], for every user, all necessary Information to 
cany out secure commercial transactions. The precise 
form under which table is actually implemented and the 
way It Is searched when Interrogated is beyond the 
20 scope of the invention, Those skilled In the art will rec- 
ognize that numerous altemate ways e.g., tailored to fa- 
vor performance or memory size required, are feasible. 
As an exanfiple table could be implemented to obey the 
specifications of LDAP (Lightweight Directory Access 
25 Protocol) a protocol for accessing on-line directory serv- 
ices defined by the IETF (Internet Engineering Task 
Force) in RFC's (Request For Comments) especially, 
RFC 1 777. LDAP defines a relatively simple protocol for 
updating and searching directories running over TCP/ 
30 IP (the Internet suite of pnstocois). An LDAP directory 
entry is a collection of attributes with a name, called a 
distinguished name (DN). The DN refers to the entry un- 
ambiguously. Each of the entry's attributes has a type 
and one or more values. The types are typically mne- 
35 monic strings, like "cn" for common name, or 'mail" for 
e-mail address. LDAP directory entries are arranged in 
a hierarchical structure that reflects political, geograph- 
fc, and/or organizational boundaries. Entries represent- 
ing countries appear at the top of the tree. Below them 
40 are entries representing states or national organiza- 
tions. Below them might be entries representing people, 
organizational units, printers, documents, or just about 
anything else. Therefore, cross-referencing table of the 
invention can advantageously be implemented under 
<5 the form of a customized LDAP directory, 

[001 6] Figure 4 shows ail the components of the sys- 
tem per the Invention. It involves a standard PC [400] or 
any computer-like machine capable of accessing, over 
the Internet or any combination of public/private net- 
so wort<s [405], a server [410] running the application i.e., 
a business application [420] core of a commercial-like 
site [430] that user [41 5] wants to deal with. Then, initial 
part of the transaction Is thus conducted from the PC 
[400]. When user is satisfied with contents and objects 
55 of the transaction it approves it. This enables the corre- 
sponding part of the business applteation [435] running 
over the server [41 0} and using one or more directory 
orcross-referencing table [425] aimed at logging the us- 
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ers permitted to access the business application, to trig- 
ger the sending of a signature request towards user% 
wireless mobile device e.g., its cellular mobile phone 
[450]. This is done through the networl<t405] and a wire- 
less gateway [440] operated e.g., according to the Wire- 
less Application Protocol (WAP), thence, transaction 
may be approved from the token [460] that user pos- 
sesses (usually a smart-card) housing, among other 
things. Its private l<ey, in order to complete the transac- 
tion in signing It therefore, allowing to meet ail the goals 
of a secure transaction namely, strong authentication, 
integrity and non-repudiation. 



Claims 

1. A method of associating communications devices 
[400] [450] to carry out a secure transaction over an 
untrusted networic [405] from anelectroniccommer- 
ciai-like site [430], said communications devices In- 
dependently capable of communicating with said 
electronfc commerciai-like site, said eiectronk; com- 
mercial-like site managing a directory [425] of legit- 
imate users [415] each having an identification 
record [340], said legitimate users each possessing 
a token [480], said method comprising the steps of: 

when aver one of said legitimate users [41 5] de- 
sires to carry out a said secure transaction: 
preparing [240] said secure transaction from a 
first said communications device [400] featur- 
ing convenient human being interfaces [110] 
[120] [130] to communicate with said commer- 
cial-like site [430]; 
when done: 

forwarding to said commercial-like site, from 
said first communications devk», an approval 
[205] of content of said secure transaction; 
when said approval is received in said commer- 
cial-like site for said secure transaction pre- 
pared by said legitimate user: 

retrieving [235] in said identification record 
[340] of said legitimate user an identifica- 
tion of a second communications device 
[320] through which said legitimate user is 
reachable; 

issuing [250] in said commercial-like server 

towards said second communications de- 
vice a request to have said secure trans- 
action signed; 

carrying out signature [260] of said secure 

transaction from said second communica- 
tions device enabled with said token of said 
legitimate user thus obtaining a signed se- 
cure transaction; 



transmitting [215] said signed secure 
transaction back to said commerclal-iike 
site; 

s checking [270] in said commercial-like site 

said signed secure transaction; 

thereby, completing said secure transaction. 

10 2. The method according to claim 1 wherein each said 
identification record [340] of said directory [300] in 
said commercial-like site includes: 

a user identification [310] of a said legitimate 
15 user; 

a device identification [320] of a said second 
communications devfee through which said le- 
gitimate user is reachable; 

so 

a user public key [330] contained in a said token 
owned by said legitimate user. 

3. The method according to any one of the previous 
claims wherein saki token [460] of said legitimate 
user includes the storing of: 

a user private key; 

30 a personal identification number (PIN), 

4. The method according to any one of the previous 
claims wherein said preparing step includes the 
steps of: 

35 

accessing [201] a Web senrer business appli- 
cation [230] in said eiectronk; commercial-like 
site [430]; 

40 providing, in response to a request for authen- 

tication [231 ] from said Web server business 
application, credentials [202] to be recognized 
as a legitimate user [232]; 

*5 browsing [203] [233] said electronic commer- 

cial-like site; 

filling In [204] [234] all required infomiatlon to 
allow completion of said commercial-like trans- 
50 action. 

5. The method according to any one of the previous 
claims wherein said Issuing step [250] includes the 
steps of: 

55 

formatting [236], in said commercial-like site, a 
request to have said secure transaction signed 
In sakl second communications devtee, said 
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step of formatting a request optionally Including 
the further steps of: 

signing origin of said request, said step of 
signing origin Including: 

s 

employing said user public key of said le- 
gitimate usen 

additionally employing a private key of said 
commerciaNike site; io 



vtee is a tolcen encdiled wireless mobile devtee. 

11. A system, in parttoular a server Implementing a 
commercial-like site, comprising means adapted for 
canying outthe method according to any one of the 
previous claims. 

12. A computer-like readable medium comprising In- 
structions for canying out the method according to 
any one of the claims 1 to 1 0. 



forwarding [221], from said commercial-like 
site, to said second communications device 

said request; 

waiting [222] till said second communications 
responds. 



6. The method according to any one of the previous 
claims wherein said step of carrying out signature 
[260], in said second communbatlons devtee, in- 20 
eludes the steps of: 



checking [211 ] said rsquestto hove said secure 
transaction signed, said step of checking op- 
tionally Including the further step of: 

authenticating origin of said request; 



displaying [21 2] content of said secure transac- 
tion; 

prompting [213] said legitimate user to enter 
said PIN of said token; signing [214] said re- 
quest with said user private key. 



7. The method according to claim 6 wherein said step as 
of prompting [21 3] said legitimate user to enter said 
PIN is replaced by the step of analyzing blometric 
data of said legitimate user. 



8. The method according to any one of the previous *> 
claims wherein said checking step [260], in said 
commercial-like site, includes the steps of: 



detecting [223] completion of signature by said 
second communications device; 



checking [237] said signed request transaction 
with said public key of said legitimate user; 

fonwarding [238] a transaction status to said ^ 
first communications device. 

9. The method according to any one of the previous 
claims wherein said first communications device is 
a standard personal computer. ss 



10. The method according to any one of the previous 
claims wherein said second communications de- 
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